IP Address: 31.14.131.239 (Previously Malicious)



This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker, Connect-Back

Services Targeted

HTTP

Tags

HTTP, Outgoing Connection, Malicious File, IDS - Potential Corporate Privacy Violation, Inbound HTTP Request

Associated Attack Servers

aruba.it, 52.173.74.230, 52.173.93.211

Basic Information

IP Address

31.14.131.239

Domain

-

ISP

Aruba S.p.A.

Country

Italy

WHOIS

Created Date

1999-12-07

Updated Date

2020-04-11

Organization

aruba Spa

First seen in Guardicore Centra

2017-03-12

Last seen in Guardicore Centra

2017-03-12

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

An inbound HTTP request was made to http://52.173.93.211/db/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/mysql/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/admin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/mysqladmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/php-my-admin/scripts/setup.php

Inbound HTTP Request

Process /usr/local/apache2/bin/httpd generated outgoing network traffic to: aruba.it:21

Outgoing Connection

An inbound HTTP request was made to http://52.173.93.211/dbadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/pma/scripts/setup.php

Inbound HTTP Request

IDS detected Potential Corporate Privacy Violation: Unsupported/Fake Internet Explorer Version MSIE 5.

IDS - Potential Corporate Privacy Violation

An inbound HTTP request was made to http://52.173.93.211/phpadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/cpanelphpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/cpphpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/php/phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/_phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/forum/phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.173.93.211/myadmin/scripts/setup.php

Inbound HTTP Request

/tmp/sess_9ee19910b5b9f183150ad620a1d9fcc061236b79 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_136ad48dc2d5d2005d84b5e2c5f216c36dc81234 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_b8341bc85064a41e7a255fb726a1e3db2b5525dc was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_7b2cb043e56a714b47ba5c5860d653bcb3f7b942 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_c0c2a38432cf96af2ba6ca3e094278043d739a40 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_5a5bbe94ba0697b93b357e35eff1c8e7c2bc88d2 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_e0fd1b8dc3ffbe519fd6aacd84788ba5ace6f169 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_a8f7a4f02c23c67908fc9a7c8889a9c6d47f5b6d was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_1994bc5eb096d87231ed6a2a1212908e2c6fff94 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_ef449063976bd687996e207abdf304f3441a0bb5 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_5a149e57d710e395b9b1460271dfeecc1ffe4357 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_53426ee19e694fd6f318256d3bc5db9d44cca05b was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_e51087b2ca3bdfa4673bbba2933f157d48a6bd3b was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_2f293a735b19c2c31964eda028fd15bb4f4eb128 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_6dc2295cfa435e7240316a4f7a4f329ecb7ce455 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File
